Application Layer
An application program, separate from the key manager, initiates data transfer for tape storage. See "Application-Managed Tape Encryption" for supported applications.

Library Layer
The enclosure for tape storage, such as the Dell PowerVault TL2000/TL4000 and ML6000 family. A modern tape library contains an internal interface to each tape drive within it.

Application-Managed Tape Encryption

This method is best where operating environments run an application already capable of generating and managing encryption policies and keys. Policies specifying when encryption is to be used are defined through the application interface. The policies and keys pass through the data path between the application layer and the encrypting tape drives. Encryption is the result of interaction between the application and the encryption-enabled tape drive, and does not require any changes to the system and library layers. Since the application manages the encryption keys, volumes written and encrypted using the application method can only be read using the application-managed encryption method, by the same application that wrote them.

Encryption Key Manager is not required by, or used by, application-managed tape encryption.

The following applications, at the minimum versions listed, can be used to manage encryption:
- CommVault Galaxy 7.0 SP1
- Symantec Backup Exec 12

[Figure 1-2. Two possible locations for encryption policy engine and key management. Diagram labels: Application, Library, Library Drive Interface, Policy, Data Path.]

1-4 Dell Encryption Key Mgr User's Guide